In this episode, Jim McDonald welcomes back Martin Kuppinger, Principal Analyst at KuppingerCole, to discuss the rapidly evolving landscape of identity in 2026. With Jeff Steadman away, Jim and Martin dive deep into the intellectual challenges posed by AI agents and the limitations of traditional non-human identity frameworks. Martin explains why organizations are feeling a sense of disillusionment with AI and how a capability-based identity fabric approach can help manage the complexity. They also explore the balance between security and business enablement, the rise of workload identities, and what to expect at the upcoming European Identity and Cloud Conference (EIC) in Berlin.

Connect with Martin: https://www.linkedin.com/in/martinkuppinger/

KuppingerCole: https://www.kuppingercole.com

European Identity and Cloud Conference (EIC) (don’t forget to use our discount code idac25mko): https://www.kuppingercole.com/events/eic2026

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps

00:00 - Welcome back to 2026 and EIC preparations

02:48 - The shift from future potential to current AI agent challenges

03:12 - Understanding AI disillusionment and the lack of control in regulated industries

05:19 - Security as a business enabler vs progress prevention

09:55 - Why AI agents should not be classified simply as non-human identities

11:43 - Complex relationships between humans, agents, and delegated tasks

15:17 - Self-service identity for knowledge workers and AI productivity

18:40 - The risks of decentralized agent creation and "shadow" AI

21:58 - How AI is being baked into identity products beyond role mining

26:55 - Using usage data to reduce over-entitlements

34:10 - The Identity Fabric: A capability-based approach to IAM

40:33 - Vendor rationalization and the flexibility of the fabric

47:19 - Previewing EIC 2026 topics: Wallet initiatives and consent

52:44 - Final advice: Curing symptoms vs addressing causes

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Martin Kuppinger, KuppingerCole, IAM, AI Agents, Identity Fabric, EIC 2026, Non-Human Identity, Workload Identity, ITDR, IGA, Cybersecurity

Jeff Steadman is joined by RSM colleagues Rich Servillas and Charles John to explore the critical intersection of identity access management, operational resilience, and disaster recovery. Rich, a director from the cyber response group, shares insights from the front lines of ransomware and cloud intrusions, while Chuck, director of operational resilience, discusses the importance of business continuity planning. The conversation covers the true impact of security incidents on brand reputation and operations, the necessity of out-of-band communication, and why identity is often the first thing challenged and the last thing trusted during a crisis. The guests also provide practical advice for IAM professionals on reducing blast radius through standing privilege reduction and robust logging.

Connect with Rich: https://www.linkedin.com/in/richard-servillas-041a0551/

Connect with Chuck: https://www.linkedin.com/in/chuckjohn/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps:

00:00:00 - Introduction and 2026 conference outlook

00:01:44 - Introducing guests Rich and Chuck from RSM

00:03:56 - Defining operational resilience and business continuity

00:06:22 - When and how to start the planning process

00:09:55 - Chuck's background in public health and emergency management

00:12:44 - The broad impact of incidents on brand and operations

00:16:45 - Key elements every recovery plan must include

00:19:14 - Defining incident severity and matrixes

00:21:52 - Identity as the new perimeter and its operational dependencies

00:24:57 - Why hackers log in rather than break in

00:26:46 - The first hours of a cyber incident response

00:29:35 - Current threat trends and the role of AI

00:31:29 - Updating plans through post-action debriefs

00:34:31 - Cyber insurance gaps and contractual SLAs

00:40:24 - Advice for identity professionals on reducing blast radius

00:46:10 - Personal milestones and looking forward to 2026

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, Cybersecurity, Business Continuity, Disaster Recovery, Operational Resilience, RSM, Incident Response, Ransomware, Cyber Insurance, Identity Governance

Jeff and Jim are joined by Gartner Analyst Rebecca Archambault for a special live edition of the podcast recorded at the Gartner Identity & Access Management Summit in Grapevine, Texas on December 10, 2025. Instead of a traditional interview, the trio hosts "Majority Rules," an interactive game show where the live audience votes on pressing and fun identity topics. Listen in to hear the pulse of the room on everything from the biggest buzzwords of the year and the true purpose of analyst 1:1 sessions, to the best strategies for navigating the vendor hall. The group explores audience preferences on IGA, AI risks, non-human identities, and the most common lies told in sales cycles. It is a fun, lighthearted look at what identity professionals are actually thinking about the current state of the industry.

Connect with Rebecca: https://www.linkedin.com/in/rebecca-becky-archambault-4b4285111/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapter Timestamps

00:00 - Intro and Game Rules

02:40 - First Question: Favorite Podcast

03:15 - Networking vs. Education

04:08 - Buzzword of the Year: Agentic Identity

04:47 - User Behavior Analytics Usage

05:37 - Expo Hall Memories and Socks

06:20 - The Twist: Battle Royale Rules

06:45 - The True Purpose of Analyst 1:1s

07:55 - Mitigating Agentic AI Risks

08:55 - Strategies for the Vendor Hall

09:37 - The Future of IGA

10:15 - Favorite Gartner Reports

11:05 - Benefits of Just-in-Time Access

11:45 - AI in Authentication Priorities

12:35 - Securing Non-Human Identities

13:05 - Keys to Successful B2B IAM 13:40 - The Hardest Part of Role Mining

14:15 - PAM for AI Agents

14:50 - Keynote Takeaways

15:40 - Measuring IAM Success

16:20 - Defining ITDR

17:05 - The Biggest Lie in IAM Sales

17:35 - Least Favorite Gartner Report

18:10 - Audit Preparation Preferences

18:45 - Common Lies in the Vendor Hall

19:15 - The Most Dangerous Access Right

19:35 - Winner Announcement and Outro

Keywords

IAM, identity management, cybersecurity, Gartner IAM Summit, Majority Rules, game show, Rebecca Archambault, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Agentic Identity, ITDR, non-human identity, role mining, zero standing privileges

#395 - Sponsor Spotlight - Redblock

This episode is sponsored by Redblock. Visit redblock.ai/idac to learn more.

Jeff and Jim come to you live from the Gartner IAM Summit in Grapevine, Texas, for a special Sponsor Spotlight with Redblock. They sit down with CEO Indus Khaitan to discuss how Redblock uses AI and computer vision to solve the "last mile" problem in identity management: disconnected applications.

Indus explains how Redblock acts as an "agentic" layer, using screen recordings to learn administrative tasks for apps that lack APIs. The conversation covers the origin of the company name, the urgency of securing the "long tail" of applications, and how they build trust and guardrails around AI execution. They also discuss the "DoorDash" analogy for identity fulfillment and wrap up with a fun chat about Indus's passion for flying planes.

Connect with Indus: https://www.linkedin.com/in/khaitan/

Learn more: redblock.ai/idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at [idacpodcast.com](http://idacpodcast.com)

Timestamps

00:00 Introduction from Gartner IAM Summit

00:46 Guest Introduction: Indus Khaitan of Redblock

01:40 Indus's Journey into Identity

02:41 The Origin of the Name "Redblock"

04:20 The Underserved Market: Services vs. Software

07:34 The Urgency of Securing Disconnected Apps

09:19 Why Traditional IGA and PAM Aren't Enough

11:35 The DoorDash Analogy: Where Redblock Fits

14:30 What Makes Redblock Unique? (Agentic Process Automation)

16:15 Trusting AI with Security Tasks

18:50 Onboarding Apps via Video Recording

21:23 Deployment: Running Air-Gapped on Customer Cloud

22:17 Handling UI Changes and "Full Self-Driving" Analogy

25:40 Integration with SailPoint and Governance Tools

27:13 Speed of Integration: Days vs. Years

32:00 How the "Headless Browser" Works

33:35 Limitations: Web Apps vs. Thick Clients

36:58 Redblock's 2025 Milestones and Future Outlook

39:48 Call to Action: Solving Disconnected Apps

40:27 Impressions of the Gartner IAM Summit

44:26 Are We in an AI Bubble?

46:46 Indus's Hobby: Flying Planes

Keywords

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Redblock, Indus Khaitan, AI, Artificial Intelligence, IAM, Identity and Access Management, Disconnected Apps, Agentic AI, Computer Vision, Gartner IAM Summit, RPA, IGA, Cybersecurity

We are live from the Gartner IAM Summit 2025 in Grapevine, Texas! In this episode, we welcome back Sarah Clark, now the Chief Product Officer and GM of North America at Hopae. Sarah shares her journey from Mastercard to buying rainforests in Costa Rica and rescuing dogs, before diving deep into the world of digital identity infrastructure. We discuss connecting government-issued digital IDs with the private sector to combat fraud and improve user experiences. Sarah breaks down the differences in global adoption, highlighting why the EU is leading the charge with upcoming mandates and how countries like Brazil and India are scaling their programs. We also explore the state of mobile driver's licenses in the US, the potential for age verification and workforce management use cases, and whether the US can catch up to the rest of the world. Plus, we wrap up with a heartfelt conversation about dog rescue and the challenges of pet adoption.

Connect with Sarah https://www.linkedin.com/in/sarahmclark/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps

00:00:00 - Intro: Live from Gartner IAM Summit 2025

00:01:25 - Introducing Sarah Clark and her journey to Hopae

00:03:00 - What is Hopae and the vision for digital identity infrastructure?

00:04:19 - Why governments are moving toward digital IDs (186 countries!)

00:05:32 - Solving the fraud crisis with government-issued credentials

00:07:05 - The benefits: Security, efficiency, and inclusion

00:08:52 - Global adoption curves: India, Philippines, and Brazil

00:10:48 - The EU vs. US: Who is winning the digital ID race?

00:14:04 - eIDAS 2.0 mandates and the intermediary role

00:17:03 - Future trends: Age verification, Fintech, and stablecoins

00:19:54 - Workforce management and "Know Your Employee"

00:21:28 - Sarah's passion project: Rainforest preservation and dog rescue

00:25:35 - Closing thoughts on the future of identity

Keywords

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Sarah Clark, Hope, Digital Identity, Digital Wallets, Mobile Driver's License, mDL, eIDAS 2.0, Identity Verification, Fraud Prevention, KYC, Verifiable Credentials, Gartner IAM Summit, Digital Infrastructure, Biometrics, Age Verification

Join Jeff, Jim, and special guest Ian Glazer at the Gartner IAM Summit 2025 as they discuss the Identity and Access Management (IAM) industry, the evolution of IAM practices, and the exciting new concepts like Continuous Identity. They delve into topics such as the impact of AI, shared signals framework, and the struggles and triumphs of identity practitioners. Plus, hear about the Digital Identity Advancement Foundation’s mission and enjoy some lighter moments with tales of 'chuckles' and supper clubs. Don't miss this insightful and entertaining episode of the Identity at the Center podcast.

Connect with Ian: https://www.linkedin.com/in/iglazer/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps

00:00 Introduction and Casual Banter

00:50 Conference Highlights and Podcast Milestones

03:00 Introducing Ian Glazer

05:43 Digital Identity Advancement Foundation (DIF)

08:09 Challenges in Identity Governance and Administration (IGA)

13:28 Continuous Identity: A Paradigm Shift

22:31 Real-World Applications and Organizational Impact

31:51 Realistic Security Measures

32:28 Maturity of Identity and Access Management

34:54 Skills and Challenges in IAM

36:44 Metrics and Outcomes in IAM

40:23 Identity Practitioner Skills

41:19 Solving Problems with AI

46:21 Continuous Identity and Future Trends

48:45 Identity Salon and Community

54:19 Wrapping Up and Future Events

Keywords

Ian Glazer, Continuous Identity, Shared Signals Framework, CAEP, Gartner IAM Summit, Identity Security, Joiner Mover Leaver, IGA, Access Certification, Identity Salon, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, Cybersecurity, Non-Human Identity, Identity Practitioner, DIAF

Join hosts Jeff Steadman and Jim McDonald for a special live episode recorded on location at Identiverse DC! In this interactive session, Jeff and Jim host a game of "Majority Rules," where the audience competes not to answer correctly, but to guess the most popular answer in the room.

The game covers a wide range of topics, from the trivial (worst conference swag and the official uniform of an IAM architect) to the technical (securing API keys, the biggest bottlenecks in IGA, and the primary causes of role explosion).

Things get intense halfway through with the introduction of the Battle Royale rules, where picking the minority answer sends a player's score back to zero. Watch to see who survives the explosions and takes home the grand prize.

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapter Timestamps

00:00 Intro to Identity at the Center Live00:36 Explaining the Rules of Majority Rules04:25 Question 1: The Worst Conference Swag06:00 Question 2: Replying to Access Denied07:05 Question 3: AI in Identity Management08:40 Question 4: Favorite MFA Method10:12 Question 5: Least Favorite Auth Factor11:15 Turning up the Heat: Battle Royale Mode12:10 Question 6: Why RBAC is Difficult at Scale13:30 Question 7: The IAM Architect Uniform14:50 Question 8: Best Place to Hide a Secret16:15 Question 9: Protocols You Secretly Miss17:25 Question 10: Most Hated Specialized Key18:40 Question 11: Conference Responsibilities20:00 Question 12: Securing API Keys21:20 Question 13: Secrets to Surviving Keynotes22:55 Question 14: The Biggest Bottleneck in IGA24:45 Question 15: Causes of Role Explosion25:50 Question 16: What Breaks First After a Schema Update26:40 Final Question: Fastest Way to Confuse a User27:40 Crowning the Winner

Keywords

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Identiverse, Identiverse DC, IAM, Identity and Access Management, Cybersecurity, InfoSec Game Show, Live Podcast, Majority Rules, MFA, IGA, API Security, RBAC, Role Explosion, Tech Humor, Cyberrisk Alliance

Jeff and Jim come to you live from the expo floor at Identiverse DC 2025. They are joined by John DelMauro, Executive Vice President at Cyber Risk Alliance, to discuss the energy of regional events and how they differ from the massive Las Vegas gatherings.

The group discusses the current state of the identity industry, the inevitable presence of AI in both marketing and event planning, and the "Identity at the Center" game show that took place earlier in the conference. John provides an exclusive look ahead at what is being planned for Identiverse in Las Vegas, including a new algorithmic approach to one-on-one networking, expanded pavilions, and potentially even puppies.

Finally, the conversation shifts to a fun hypothetical: if money and logistics were no object, what kind of conference would each of them launch? The answers range from health and longevity in Austin to a technology expo in Japan.

Connect with John: https://www.linkedin.com/in/john-del-mauro/

Learn more about the CyberRisk Alliance: https://www.cyberriskalliance.com/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapter Timestamps00:00 Introduction and vibes from Identiverse DC00:52 Recapping the Majority Rules game show02:00 Introducing John DelMauro from Cyber Risk Alliance03:59 What is Cyber Risk Alliance?05:25 The benefits of regional events vs. Las Vegas09:15 Current themes: AI dominating the conversation13:21 How AI helps in planning and researching events15:50 Previewing Identiverse Las Vegas 202517:10 The new one-on-one networking algorithm22:15 Breaking news: Puppies at the conference?24:45 Hypothetical: What dream conference would you host?27:45 Jim's take on a longevity conference29:18 Jeff's dream of a tech nerd-con31:00 Closing thoughts and wrap up

KeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, John DelMauro, CyberRisk Alliance, Identiverse, Cybersecurity, Event Planning, Networking, InfoSec, AI in Events, Washington DC, Conference Trends